Joomla core – Security from the root

“By default, Joomla! is very secure”.

The core of Joomla is the installation package you downloaded to update your site or setup a new Joomla website.

Talking about the code at its core, Joomla core is guaranteed to be stronger than Arnold Schwarzenegger. Joomla core has been constantly updated and upgraded. If you haven’t used Joomla since 2.x version, you need to go back to Joomla.org, get the latest 3.6 version now and see the difference!

Joomla today is no longer a buggy CMS like it was falsely believed to be so. And what’s more? It still stays as a reasonably secure platform right from its core.

If there is any Joomla security issues have been detected, it will be addressed very quickly. Joomla core development team has a very good timely response to reported security issues. Not to mention that there’s a whole squad here to keep Joomla perfectly run well for your site: The Joomla Security Strike Team and The Bug Squad. With each Joomla version release, if there is a problem in security, the Joomla team will immediately roll out an updated version with security fix.

What does this mean?

It means that if you want to sleep tight without staying wide awake guarding your site, you need to update to the latest Joomla core version. Always.

Joomla templates and Joomla extensions – are they a threat?

When Joomla core is no doubt what you can absolutely trust in its security, like any other CMSs, most of the Joomla security issues come from third-party add-ons and templates.

Weak Joomla third-party extensions and Joomla templates seem to be the open door for Joomla hacks. But you can count on Joomla extensions from JED and trusted Joomla providers.

There are many requirements for Joomla products to get listed on JED. Joomla also has smart security features such as a database class to check for poor code. So, JED review team will only pick verified extensions to show on JED.

Plus, there is a security guide with all the security tips to make a Joomla extension safe before delivering them to end-users. There’s a useful place you might not know yet: Vulnerable Extension List – Joomla keeps an updated track of the vulnerable extensions and put them there. There are many eyes on extensions on JED, so probably the developers themselves will detect the security issues and fix them before a hacker does!

How about safe Joomla templates? There’s solution for your concern: be careful when adding new template to your site and always use Joomla templates from trusted providers. Oh and forget all the templates (or extensions) that have been outdated for too long.

Using Joomla templates and extensions is definitely not a threat to your website’s security.

At JoomlaShine, we always pay attention to the quality right from the first line of codes and guarantee the security within our products. Our team understands more than anyone the importance of high quality Joomla product so our customers don’t have to suffer from such hacker nightmare. If there’s any security issue detected, like the team at Joomla core, we always head to fix and release an updated version as soon as possible. Of course, we’ll announce and inform all of JSN users to update too.

If you want to take a step higher in protecting your website from hackers, Joomla has plenty of monster-like Joomla security extensions. These extensions will take away the anxiety of being hacked for you:

Joomla settings and user controls – Utilize them to protect your site further

As you already know, a part of Joomla power lies in its ACL (Access Control List) – a super user control and user access level. You can flexibly grant different access level to different user groups without any hassle to manage your users while at the same time protect your Joomla site effectively.

Another better side of Joomla when it comes to security is that you can easily rebrand Joomla or hide Joomla version information from publicity. With WordPress, it’s quite easy to figure out what your site is using from just browsing the front-end. However, in Joomla, you can keep its identity under the rug.

At the end of the day, I found this so damn true:

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” — Gene Spafford.

Using a software and have it running online, you’re exposed to every thread of security breaches. However, with Joomla, you have less security issues to be worried about (remember the security checklist, Joomla’s secure core, how Joomla is more advanced when setting it up for higher security?).

And do you realize your role in the whole story?

How secure Joomla or any other CMS is depends greatly on how you use it.

At the end of the day, Joomla is my choice when deciding a CMS based on its security level. How about yours?

About the author

A Joomler lives by spreading words about Joomla! Her writing motto: Let's spread the Joomla love. If you want to talk about Joomla with Vivian, don't hesitate to buzz her via @vivianjsn on Twitter! Or just simply leave your comment here.

Support

Connect with us

JoomlaShine and this site is not affiliated with or endorsed by The Joomla! Project™. Any products and services provided through this site are not supported or warrantied by The Joomla! Project or Open Source Matters, Inc. Use of the Joomla!® name, symbol, logo and related trademarks is permitted under a limited license granted by Open Source Matters, Inc.